Timo Sirainen wrote:
On Wed, 2010-08-25 at 15:51 +0200, Chris Moules wrote:
I think you could pretty easily add support for "default ACL file" that is used instead of the internal ACL defaults. I've been planning on doing that at some point anyway. Maybe ~/Maildir/dovecot-acl-default or something. So, that should be a patch to the current ACL plugin?
Yes.
Any pointers on where to start with that? I only started on dovecot plugin programming yesterday. The ACL plugin seemed the most complex so I avoided it for 'learning'.
Hmm.. Now that I look at the code, the default ACL handling is a bit strange and I guess it needs some rethinking. But, I think for your purpose you can do it very easily. acl-backend.c contains:
static const char *const owner_mailbox_rights[] = { ..
Simply change that list to what rights you want to have (probably LOOKUP, READ).
Timo, many thanks! A recompile with the below changes seems to do the trick! This, obviously, is only good server-wide read-only, but that is what I need. dovecot -n relevant settings: mail_plugins: acl plugin: acl: vfile No imap_acl as we do not want to advertise ACL support via IMAP. Without the "acl = vfile" line in 'plugin' section, it does not work. thanks again Chris Patch: --- dovecot-1.2.13.orig//src/plugins/acl/acl-backend.c 2010-05-24 15:01:15.000000000 +0000 +++ dovecot-1.2.13/src/plugins/acl/acl-backend.c 2010-08-25 15:23:07.000000000 +0000 @@ -12,15 +12,6 @@ static const char *const owner_mailbox_rights[] = { MAIL_ACL_LOOKUP, MAIL_ACL_READ, - MAIL_ACL_WRITE, - MAIL_ACL_WRITE_SEEN, - MAIL_ACL_WRITE_DELETED, - MAIL_ACL_INSERT, - MAIL_ACL_POST, - MAIL_ACL_EXPUNGE, - MAIL_ACL_CREATE, - MAIL_ACL_DELETE, - MAIL_ACL_ADMIN, NULL };